chore(deps): bump actions/checkout from 6.0.2 to 6.0.3

[dependabot]

Bumps actions/checkout from 6.0.2 to 6.0.3.

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Commits

• df4cb1c Update changelog for v6.0.3 (#2446)
• 1cce339 Fix checkout init for SHA-256 repositories (#2439)
• 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
• 0c366fd Update changelog (#2357)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 CI must pass

Wonderful, this rule succeeded.

All CI checks must pass. Release-plz PRs are exempt because they only bump versions and changelogs (code was already tested on main), and GITHUB_TOKEN-triggered force-pushes suppress CI.

• check-success = coverage
• check-success = quality
• check-success = test-cross-platform (macos-latest, macOS)
• check-success = test-cross-platform (ubuntu-latest, Linux)
• check-success = test-cross-platform (windows-latest, Windows)
• check-success = test-features (default)
• check-success = test-features (minimal)

🟢 Do not merge outdated PRs

Wonderful, this rule succeeded.

Make sure PRs are within 3 commits of the base branch before merging

• #commits-behind <= 3

[dosubot]

Related Knowledge

2 documents with suggested updates are ready for review.

Gold Digger

Automated Release Management

View Suggested Changes

@@ -76,7 +76,7 @@
 
 ## Integration with Existing Release Workflows
 
-Release Please creates release PRs with updated version numbers and changelogs. When a release PR is merged, it creates a git tag for the new version. The existing release workflow (`.github/workflows/release.yml`) is configured to trigger on these tags, handling artifact building, signing, and publishing. The workflow uses cargo-dist v0.31.0 for distribution and pins all GitHub Actions to specific commit SHAs (`actions/checkout@v6.0.2`, `actions/upload-artifact@v7.0.0`, `actions/download-artifact@v8`) for improved security and reproducibility. Build artifacts include attestations generated via `actions/attest-build-provenance@v4`, which provide cryptographically verifiable build provenance for supply chain security. This ensures that the release process is fully automated from commit to published release [source](https://github.com/EvilBit-Labs/gold_digger/issues/57#issuecomment-3203749857).
+Release Please creates release PRs with updated version numbers and changelogs. When a release PR is merged, it creates a git tag for the new version. The existing release workflow (`.github/workflows/release.yml`) is configured to trigger on these tags, handling artifact building, signing, and publishing. The workflow uses cargo-dist v0.31.0 for distribution and pins all GitHub Actions to specific commit SHAs (`actions/checkout@v6.0.3`, `actions/upload-artifact@v7.0.0`, `actions/download-artifact@v8`) for improved security and reproducibility. Build artifacts include attestations generated via `actions/attest-build-provenance@v4`, which provide cryptographically verifiable build provenance for supply chain security. This ensures that the release process is fully automated from commit to published release [source](https://github.com/EvilBit-Labs/gold_digger/issues/57#issuecomment-3203749857).
 
 ```yaml
 name: Release

[Accept] [Edit] [Decline]

Gold Digger Release Process

View Suggested Changes

@@ -147,7 +147,7 @@
 
 The release workflow follows security best practices:
 
-- **Pinned Action Commits**: All GitHub Actions are pinned to specific commit SHAs rather than floating version tags, ensuring reproducibility and protecting against supply chain attacks. Examples include `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` (v6.0.2), `actions/upload-artifact@v7.0.0`, and `actions/download-artifact@v8`.
+- **Pinned Action Commits**: All GitHub Actions are pinned to specific commit SHAs rather than floating version tags, ensuring reproducibility and protecting against supply chain attacks. Examples include `actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10` (v6.0.3), `actions/upload-artifact@v7.0.0`, and `actions/download-artifact@v8`.
 
 - **Build Provenance**: The `actions/attest-build-provenance@v4` step creates verifiable attestations for all artifacts, providing cryptographic proof of the build environment and process.
 

[Accept] [Edit] [Decline]

^{How did I do? Any feedback?}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!